PECB Lead Auditor Exam Questions

Question 6 of 169

After an information security incident, an organization created a comprehensive backup procedure involving regular, automated backups of all critical data to offsite storage locations. By doing so, which principle of information security is the organization applying in this case?

Integrity

Confidentiality

Availability

Correct Answer: C

Question 7 of 169

A data processing tool crashed when a user added more data to the buffer than its storage capacity allows. The incident was caused by the tool's inability to bound check arrays. What kind of vulnerability is this?

Intrinsic vulnerability, i.e., inability to bound check arrays, is a characteristic of the data processing tool

Extrinsic vulnerability, i.e., the exploit of the buffer overflow vulnerability, is caused by an external factor

None; buffer overflow is not a vulnerability; it is a threat

Correct Answer: A

Question 8 of 169

Which of the following best defines managerial controls?

Controls related to the management of personnel, including training of employees, management reviews, and internal audits

Controls related to organizational structure, such as segregation of duties, job rotations, job descriptions, and approval processes

Controls related to the use of technical measures or technologies, such as firewalls, alarm systems, surveillance cameras, and IDSs

Correct Answer: A

Question 9 of 169

What is the objective of penetration testing in the risk assessment process?

To conduct thorough code reviews

To identify potential failures in the ICT protection schemes

To physically inspect hardware components

Correct Answer: B

Question 10 of 169

Which controls are related to the Annex A controls of ISO/IEC 27001 and are often selected from other guides and standards or defined by the organization to meet its specific needs?

General controls

Strategic controls

Specific controls

Correct Answer: A